From: Iker Pedrosa Date: Fri, 25 Apr 2025 13:23:11 +0000 (+0200) Subject: lib/, src/: add SELinux control flag in spw_close() X-Git-Tag: 4.19.0-rc1~128^2~54 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b14465a3abadb4d5133861fafc305ed6b78ecebd;p=thirdparty%2Fshadow.git lib/, src/: add SELinux control flag in spw_close() Expand spw_close() interface to add a control flag for SELinux file context processing. Signed-off-by: Iker Pedrosa --- diff --git a/lib/shadowio.c b/lib/shadowio.c index 89c94dd61..903dcf38f 100644 --- a/lib/shadowio.c +++ b/lib/shadowio.c @@ -187,7 +187,7 @@ int spw_rewind (void) return commonio_next (&shadow_db); } -int spw_close (void) +int spw_close (bool process_selinux) { int retval = 0; #ifdef WITH_TCB @@ -197,7 +197,7 @@ int spw_close (void) return 0; } #endif /* WITH_TCB */ - retval = commonio_close (&shadow_db, true); + retval = commonio_close (&shadow_db, process_selinux); #ifdef WITH_TCB if (use_tcb && (shadowtcb_gain_priv () == SHADOWTCB_FAILURE)) { return 0; diff --git a/lib/shadowio.h b/lib/shadowio.h index 4dbeb6d64..e64d8d602 100644 --- a/lib/shadowio.h +++ b/lib/shadowio.h @@ -13,7 +13,7 @@ #include "defines.h" -extern int spw_close (void); +extern int spw_close (bool process_selinux); extern bool spw_file_present (void); extern /*@observer@*/ /*@null@*/const struct spwd *spw_locate (const char *name); extern int spw_lock (void); diff --git a/src/chage.c b/src/chage.c index b5c9ac701..be45af175 100644 --- a/src/chage.c +++ b/src/chage.c @@ -546,7 +546,7 @@ static void close_files (void) * Now close the shadow password file, which will cause all of the * entries to be re-written. */ - if (spw_close () == 0) { + if (spw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, spw_dbname ()); SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ())); diff --git a/src/chpasswd.c b/src/chpasswd.c index 391deb888..ba1a3b0dd 100644 --- a/src/chpasswd.c 
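Review bot: The new `process_selinux` parameter of spw_close() in lib/shadowio.c is undocumented, both at the definition and at the prototype in lib/shadowio.h, although it now decides whether SELinux file context processing is requested when the shadow database is written back. Nothing visible says what a caller gets with `false`. Presumably the rewritten file is then created without this process setting its context, which matters for a file holding password hashes, but commonio_close() is not shown here to confirm that. I would add a comment above the definition, e.g. `/* process_selinux: forwarded to commonio_close() to enable or skip SELinux file context processing for the rewritten shadow file. */`, and mirror it at the prototype. The body of spw_close() continues outside both lib/shadowio.c hunks.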
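Review bot: The bare `true` in `spw_close (true)` in src/chage.c does not tell a reader what is being enabled, and the same literal is repeated at every other call site this commit touches (src/chpasswd.c, newusers.c, passwd.c, pwck.c, pwconv.c, pwunconv.c, useradd.c, userdel.c, usermod.c). Because the argument controls SELinux context handling for the shadow file, a later flip to `false` at one site would be easy to miss in review. Naming the argument at the call, for example `spw_close (/* process_selinux */ true)`, would keep the intent visible. close_files() starts and ends outside this hunk.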
+++ b/src/chpasswd.c @@ -380,7 +380,7 @@ static void open_files (void) static void close_files (void) { if (is_shadow_pwd) { - if (spw_close () == 0) { + if (spw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, spw_dbname ()); diff --git a/src/newusers.c b/src/newusers.c index 2e8f112c0..ebe467441 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -953,7 +953,7 @@ static void close_files (void) pw_locked = false; if (is_shadow) { - if (spw_close () == 0) { + if (spw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, spw_dbname ()); diff --git a/src/passwd.c b/src/passwd.c index 4bc23e597..b1a3e6129 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -625,7 +625,7 @@ static void update_shadow (void) sp = spw_locate (name); if (NULL == sp) { /* Try to update the password in /etc/passwd instead. */ - (void) spw_close (); + (void) spw_close (true); update_noshadow (); if (spw_unlock () == 0) { (void) fprintf (stderr, @@ -681,7 +681,7 @@ static void update_shadow (void) Prog, spw_dbname (), nsp->sp_namp); fail_exit (E_FAILURE); } - if (spw_close () == 0) { + if (spw_close (true) == 0) { (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, spw_dbname ()); diff --git a/src/pwck.c b/src/pwck.c index 6e22923eb..9d30b7d3b 100644 --- a/src/pwck.c +++ b/src/pwck.c @@ -320,7 +320,7 @@ static void close_files (bool changed) } fail_exit (E_CANTUPDATE); } - if (spw_opened && (spw_close () == 0)) { + if (spw_opened && (spw_close (true) == 0)) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, spw_dbname ()); @@ -657,7 +657,7 @@ static void check_pw_file (bool *errors, bool *changed) } #ifdef WITH_TCB if (getdef_bool ("USE_TCB") && spw_locked) { - if (spw_opened && (spw_close () == 0)) { + if (spw_opened && (spw_close (true) == 0)) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, spw_dbname ()); 
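Review bot: In the first src/passwd.c hunk the result of `(void) spw_close (true);` is still discarded before update_noshadow() runs. The lib/shadowio.c hunk in this commit shows spw_close() returning 0 not only when the write-back fails but also when shadowtcb_gain_priv() fails under WITH_TCB, so on a TCB build this fallback path could continue after a failed privilege switch without noticing. Unless that is intended, check the result here the way the second call in update_shadow() does, `if (spw_close (true) == 0) {` followed by the same error report. src/pwunconv.c keeps the same cast, but there the adjacent comment gives the reason (the file was only opened O_RDONLY). update_shadow() starts and ends outside both hunks.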
diff --git a/src/pwconv.c b/src/pwconv.c index 1f3b41246..75eb8d07b 100644 --- a/src/pwconv.c +++ b/src/pwconv.c @@ -274,7 +274,7 @@ int main (int argc, char **argv) } } - if (spw_close () == 0) { + if (spw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, spw_dbname ()); diff --git a/src/pwunconv.c b/src/pwunconv.c index 4321c6837..83d3516cd 100644 --- a/src/pwunconv.c +++ b/src/pwunconv.c @@ -205,7 +205,7 @@ int main (int argc, char **argv) } } - (void) spw_close (); /* was only open O_RDONLY */ + (void) spw_close (true); /* was only open O_RDONLY */ if (pw_close (true) == 0) { fprintf (stderr, diff --git a/src/useradd.c b/src/useradd.c index ce24ea8e2..55444c811 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -1567,7 +1567,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (E_PW_UPDATE); } - if (is_shadow_pwd && (spw_close () == 0)) { + if (is_shadow_pwd && (spw_close (true) == 0)) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, spw_dbname ()); SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ())); diff --git a/src/userdel.c b/src/userdel.c index 7bb29aa1f..d60c974b3 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -404,7 +404,7 @@ static void close_files (void) pw_locked = false; if (is_shadow_pwd) { - if (spw_close () == 0) { + if (spw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, spw_dbname ()); SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ())); diff --git a/src/usermod.c b/src/usermod.c index 043591cdc..f392ed58b 100644 --- a/src/usermod.c +++ b/src/usermod.c 
@@ -1479,7 +1479,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (E_PW_UPDATE); } - if (is_shadow_pwd && (spw_close () == 0)) { + if (is_shadow_pwd && (spw_close (true) == 0)) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, spw_dbname ());